[SingCERT] Outspread of Singworm over MSN instant messenging service

Last Updated on Tuesday, 02 October 2007 18:06

[Summary]
There have been reports of a worm (dubbed "Singworm") spreading through the MSN messenger instant messaging client. Users are infected when they execute the malware downloaded from the infectious link sent from their MSN contacts. Singworm is a cocktail of various pieces of malware built mainly for spamming.

Singworm will download another adware/spyware-like program (winsys.exe) whose variants have been known to be involved in various types of data theft, including login details, banking information and personal data.

When triggered, Singworm will attempt to start sending spam via the collection of files already deposited on the infected user's machine. On occasions, the spam process will hog the infected system's resources such that a system reboot is required.

Singworm propagates by sending a infectious link to all the MSN contacts of the infected user.

[Solution]
GITSIR is currently working closely with the various AV vendors for a solution and will provide an update when available. Users are advised to exercise extreme caution when dealing with hyperlinks received from their MSN contacts. Users are strongly advised to clarify with the message sender with regards to any received hyperlinks or if the received message appears suspicious.

[Reference]
http://blog.spywareguide.com/2007/08/singworm_spreading_in_singapor.html

< Prev		Next >